Hackers gained access to the GitHub repositories and tampered the source code of Gentoo by introducing a malicious script to delete all of your files.
In their official announcement, they mentioned:
“Today 28 June at approximately 20:20 UTC unknown individuals have gained control of the Github Gentoo organization and modified the content of repositories as well as pages there. We are still working to determine the exact extent and to regain control of the organization and its repositories. All Gentoo code hosted on GitHub should for the moment be considered compromised. “
Gentoo users are safe as long as they didn’t download anything from the compromised GitHub repos
Gentoo team assured that incident has nothing to do with the code hosted on the Gentoo infrastructure (or its official website). To explain this, they said: “Since the master Gentoo ebuild repository is hosted on our own infrastructure and since Github is only a mirror for it, you are fine as long as you are using rsync or webrsync from gentoo.org. “
So, if you’ve downloaded something from Gentoo’s GitHub yesterday, you need to discard it immediately and utilize their official website instead of the code hosted on GitHub till further confirmation.
Gentoo has regained the control of its GitHub account
In the recent alert, they confirmed that Gentoo has regained control of its GitHub Organization and they are closely working with GitHub on a procedure for resolution. Here’s what they wrote about it:
“Gentoo has regained control of the Gentoo Github Organization. We are currently working with Github on a procedure for resolution. Please continue to refrain from using code from the Gentoo Github Organization. Development of Gentoo primarily takes place on Gentoo operated hardware (not on GitHub) and remains unaffected. We continue to work with Github on establishing a timeline of what happened and we commit to sharing this with the community as soon as we can.”
Although the Gentoo commits are signed, they suggest that you should still verify the integrity of the signatures when using Git.
Linux security a myth?
We’ve yet to know how and who hacked Gentoo’s GitHub account. We are not sure if it was an individual or a group of hackers who hacked the account. So, we’ll make sure to update this article when there’s something more on it. Maybe Gentoo Linux should start finding GitHub alternatives to host the source code apart from its own infrastructure.
Meanwhile, this incident reminds me of the time when Linux Mint’s servers were hacked and the ISOs were compromised with a backdoor. Thankfully, it wasn’t that bad this time.
Linux maybe revered as a secure operating system but such incidents do happen. Generally, it’s not operating system’s fault but the maintainer’s.
What do you think of the Gentoo GitHub account hacking episode? Do you think it impact’s the image of Linux as a secure operating system?